
Issue Help with best practices for plesk firewall security

stas styler

Basic Pleskian
Dear pleskers,
I've encountered several attacks on my server that made my server very slow and got all my clients down.
I've managed to respond quickly and solve it, but I guess there are people over here that secured their servers even better.

I use atomic advanced mod security + ddos deflate + plesk firewall + restrictive fail2ban.
Do you guys know best practices for the Plesk firewall? Any good rule set? Is there any way to add custom iptables rules with the Plesk firewall on?
 
It is recommended to deactivate all ports that are not needed for conducting business. For example, if you are not using the single sign on service, deactivate the entry in the firewall. You can also add custom rules and chains to iptables by using the standard iptables commands on the Linux console.

It is best practice to block malicious traffic before it reaches your host, e.g. by using a hardware firewall in a router in front of your server.

Some people use Cloudflare to distribute their website globally, so that if your server is under attack, Cloudflare can still deliver the site from their mirrors. However, this only works for static content.
 

Thanks for your reply.

1. I thought of the same method of using iptables to block any kind of threat, but I read somewhere here that the Plesk firewall script overrides the rules every time I apply rules through the Plesk firewall. Is that true? If so, is there any way to make them work together?

2. I'm hosting about 300 websites as a hosting company; Cloudflare is working on the website field and not the server field. Every customer is either using my DNS server or Cloudflare's; it is really up to them. Unfortunately Cloudflare doesn't offer DNS services for servers...
 
1) Plesk does not overwrite your individual rules.

2) Cloudflare is a content distribution service. Thus an attack that is coming from a certain part of the world will be limited to the proxy Cloudflare host and not reach your server unless dynamic content is being attacked (the other mirrors will still deliver your site even if one network segment has issues).
 
If you have a lot of clients using WordPress and you are in a position to enforce a WordFence install, you could consider the script I wrote that adds rules to the firewall.

It's a learning system that adds IPs to a monthly set. There are 2 sets... an uneven-month set and an even-month set, which are both enforced....
IPs are added as they are found by WordFence to the current month (even or uneven).
On the first day of the month, the set of the month that still contains IPs assembled during the previous run will go to a spare set, and the current month will be emptied.
That spare set will not be enforced, but used as a reminder.
The assembling of IPs will start again. IPs of the spare set will have a chance again of accessing sites, but if one of those IPs misbehaves (they are coming back after being blocked for at least a month) they will be added to a set that will get them permanently blocked.

None of what I wrote was copied although I can easily imagine it has been thought of before. I think it's much more elegant than fail2ban.

It's published in this forum. Another way of protecting your server is using another script of mine that blocks specific countries or the reverse. Blocking the whole world and then letting through some specific countries.

For SSH there's a very effective ruleset that uses the "recent" module of iptables, and it will protect you from any brute-force attack...

Search with iptables and my name in this forum and read.....
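The rotating-set scheme described in this post, written up as an added example so the month logic can be followed in code. This is not the poster's published script (which is not reproduced on this page), and it assumes ipset and iptables are installed, that some outside hook (for instance a WordFence export) calls `block` with each offending address, and that a cron job calls `rotate` on the first of every month. The set names wf_even, wf_odd, wf_spare and wf_perm are made up here.

```sh
#!/bin/sh
# Added example: a month-rotating ipset blocklist modelled on the scheme
# described in the post above. Not the poster's script; set names and the
# hook/cron wiring are assumptions.
set -eu

# ipset/iptables are called through these variables so the logic can be
# dry-run with IPSET=echo IPTABLES=echo before it is ever run as root.
IPSET="${IPSET:-ipset}"
IPTABLES="${IPTABLES:-iptables}"

# Which set receives newly reported IPs in month number M (01-12).
current_set() {
    m=${1#0}                          # strip a leading zero ("08" -> 8)
    if [ $(( m % 2 )) -eq 0 ]; then echo wf_even; else echo wf_odd; fi
}

# True if the IP sits in the non-enforced "reminder" set, i.e. it was
# blocked at least a month ago and has come back.
in_spare() {
    "$IPSET" test wf_spare "$1" >/dev/null 2>&1
}

# One-time setup: four hash:ip sets. even, odd and perm are enforced by
# iptables; spare is only consulted by block_ip.
setup() {
    for s in wf_even wf_odd wf_spare wf_perm; do
        "$IPSET" create "$s" hash:ip -exist
    done
    for s in wf_even wf_odd wf_perm; do
        "$IPTABLES" -I INPUT -m set --match-set "$s" src -j DROP
    done
}

# Record one offending IP for the given month.
block_ip() {
    ip=$1; month=$2
    if in_spare "$ip"; then
        "$IPSET" add wf_perm "$ip" -exist          # repeat offender: permanent
    else
        "$IPSET" add "$(current_set "$month")" "$ip" -exist
    fi
}

# First day of month M: the set for M still holds IPs collected two months
# ago. Park them in the reminder set and start collecting afresh; the set
# for M-1 stays enforced and untouched.
rotate() {
    cur=$(current_set "$1")
    "$IPSET" flush wf_spare
    "$IPSET" swap "$cur" wf_spare     # cur is now empty, spare holds its old IPs
}

case "${1:-}" in
    setup)  setup ;;
    block)  block_ip "$2" "$(date +%m)" ;;
    rotate) rotate "$(date +%m)" ;;
    *)      echo "usage: $0 setup | block <ip> | rotate" >&2 ;;
esac
```

Because the month parity decides the set, an address collected in, say, March stays blocked through April as well and only drops out of enforcement in May, when the odd set is parked in wf_spare; if it reappears while parked it lands in wf_perm. Running the script with `IPSET=echo IPTABLES=echo` prints the ipset commands instead of executing them, which is a convenient way to check the rotation before wiring it to cron.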


My firewall is just a manually maintained text file that's loaded with iptables-restore.

Every new Plesk install I examine what "they" want to open up and adapt if necessary.
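A hand-maintained ruleset of the kind described in the last two posts, loaded with iptables-restore and carrying the "recent" module limiter for SSH that the earlier post mentions. This is an added example, not a file from either poster: the SSH chain, the port list (web, mail, DNS and the Plesk panel on 8443) and the file location are assumptions that have to be adapted to what the host actually offers, in the spirit of the earlier advice to close every port the business does not need.

```sh
#!/bin/sh
# Added example: a hand-maintained iptables-restore ruleset with a
# recent-module brute-force limiter on SSH. Not code from this thread;
# the port list and paths are assumptions.
set -eu

SSH_PORT="${SSH_PORT:-22}"
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Print the ruleset. Lines starting with '#' are accepted by iptables-restore.
ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSHGUARD - [0:0]
# loopback and already-established traffic
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMP echo, rate limited
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# new SSH connections go through the recent-module limiter
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j SSHGUARD
# record the source; a 4th new connection within 60 s from one source is dropped
-A SSHGUARD -m recent --name SSH --set
-A SSHGUARD -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
-A SSHGUARD -j ACCEPT
# services this host offers (assumed: web, mail, DNS, Plesk panel)
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,110,143,993,995 -j ACCEPT
-A INPUT -p tcp --dport 8443 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
# anything else falls through to the INPUT DROP policy
COMMIT
EOF
}

# Parse the ruleset without committing it (iptables-restore --test).
check() {
    ruleset | iptables-restore --test
}

# Write the file and load it atomically; iptables-restore replaces the
# whole table in one step, so a half-applied state is not possible.
apply() {
    ruleset > "$RULES_FILE"
    iptables-restore < "$RULES_FILE"
}

case "${1:-}" in
    show)  ruleset ;;
    check) check ;;
    apply) apply ;;
    *)     echo "usage: $0 show | check | apply" >&2 ;;
esac
```

Keeping the limiter in its own chain means the SSH port can be changed in one place, and `check` lets the file be syntax-tested as a non-privileged dry run before `apply` replaces the live table. The recent-module entry is keyed on the source address and expires on its own, so there is no list to clean up by hand.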
 